This repository was archived by the owner on Dec 26, 2020. It is now read-only.
refactor authenticationmethod settings, allow user to set authenticationmethods by himself #219
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rndmh3ro
reviewed
Apr 30, 2019
templates/opensshd.conf.j2
Outdated
| {% if ssh_pam_device %} | ||
| AuthenticationMethods publickey,keyboard-interactive:pam | ||
| # Set AuthenticationMethods per default to publickey | ||
| AuthenticationMethods {{ sshd_authenticationmethods|default("publickey") }} |
There was a problem hiding this comment.
|default("publickey") is unnecessary here since its set by default in defaults.
None of this, I'd say. We just do it like this: This way, we have secure defaults but everyone can change these to whatever they need. What do you think?
|
Signed-off-by: szEvEz <szivos.john@gmail.com>
…ionmethods by himself Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Guillaume Bernard <contact@guillaume-bernard.fr> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Sebastian Gumprich <github@gumpri.ch> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Sebastian Gumprich <github@gumpri.ch> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Sebastian Gumprich <github@gumpri.ch> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Sebastian Gumprich <github@gumpri.ch> Signed-off-by: szEvEz <szivos.john@gmail.com>
fix #224 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@supplyon.com> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Norman Bestfleisch <norman.bestfleisch@netresearch.de> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Norman Bestfleisch <norman.bestfleisch@netresearch.de> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Matthias Lohr <mail@mlohr.com> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Sebastian Gumprich <github@gumpri.ch> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: Gobind Singh <gobindsingh108@gmail.com> Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
# The first commit's message is: Added ssh_syslog_facility, ssh_log_level and ssh_strict_modes parameters. Signed-off-by: Schonecker, Brian <brian.schonecker@bkfs.com> # The 2nd commit message will be skipped: # Added ssh_syslog_facility, ssh_log_level and ssh_strict_modes parameters. Signed-off-by: szEvEz <szivos.john@gmail.com>
Signed-off-by: szEvEz <szivos.john@gmail.com>
…EvEz/ansible-ssh-hardening into rework-authentication-methods
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently WIP - but feel free to take a look. - Still need to test with all AuthenticationMethods
Introducing Breaking changes, as parameters are removed.
Referencing #170 and #172
@rndmh3ro
I am just not sure about setting some parameter again, depending on the chosen AuthenticationMethod.
e.g. For AuthenticationMethods: password -> we require that PasswordAuthentication is set to yes. Do we want to define them again or add further conditionals to the existing params?